Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
23-01-2025 08:03
General
-
Target
JaffaCakes118_154229059395b26059f7ec1671569fde.exe
-
Size
52KB
-
MD5
154229059395b26059f7ec1671569fde
-
SHA1
5fb7c5029dafa567e52495ea8a3aae961df6ddfa
-
SHA256
250e7d0728d5815e0fa242e8a7730959295b3017aa2d809f46f8a06787248044
-
SHA512
680d4ff12188643eb6692c29980ed73c8c3ef1be2998f6704e0b89f5d32ee8306751aa90faa6e0e7630fec4c270beef0ea2bcceb39578bcd737741a3045d0ba8
-
SSDEEP
1536:q3j72srzVRv7Kf4AH+pdcDJVoYMeKTn1:uusXjTuoaD6eK71
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_154229059395b26059f7ec1671569fde.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_154229059395b26059f7ec1671569fde.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5fa4ad419cdb06f164b0553f52178e1f8
SHA1aecac04d0d61003389a63120040f3e1b72029bea
SHA25681b86d9533e4370bb38f97b7e4eb5a9f94f6f991ac3196e6a0c2a217bf852b41
SHA5129acba08e53bb2a05476a632c28256271a2031f2eab51455f434f1124d79ecc56d16921224def74420ac2ea473b0e364dda98e9e7b277823cdcedaa2cdf58f8ab
-
Filesize
342B
MD55b2321e2aca7e8f56cca87c2885b8f95
SHA13a39f31140a9ed310686ce19ca73062c77bda684
SHA256e93f53582abb83b60f8eeaaf1b5b66fbcd1c68395dcc3608691044fee9407cce
SHA512bee80c16e3a73bd34c6f837ad35117da1075d2bc04c49645206c3103ad07c5ecfe74f4dc4f3fcda5087e4a5ad279201824a6916821379928663113bf759b2421
-
Filesize
342B
MD5149296c30ad78b9fae57fde65ea40ee7
SHA16b6823c5f655509e9849bb466ed3ad364b13028f
SHA256ceb6c83d3be465af55bac1fd9a6d74e51879009427df959ee261e2ee682f9f87
SHA512b2666ef930d179cd1f3fa7fa03c196e7cee0b7d22963e49e2daf6b179e29e1e5ca53bd6dcc4bd530a5eed2e501a2415bf6f82bed258ed205fcc760a4816432f3
-
Filesize
342B
MD5c8810ff80072fbc0562aebec7caa159d
SHA1809a000eded87892aa82bec885cd1008035d67c8
SHA2565471d8ee119ccf0afb69c302cccca4bd2f1d039276efb72cfdb5bf8edfa7e0b2
SHA51204232c46d275f8df57bf6e8153449cc52f54b2e36d2fea6babd6d4c4d51a5deec0bdb569a62b56600329ac79003e5469263c71484d89d9dd5a2e3fcfac74159c
-
Filesize
342B
MD5a0c1f4405184dd26cd713c3557527ca6
SHA1e8a45cace8a8a2ecc655b5cc8b9d0953b0fa2a6c
SHA256ebea1f2e3a73e3d15c590eadc0986a134fafbd38744e532ce624e9083ddbf2a1
SHA5120160412c4ad435c4bb8867e17e285dbaeb23531cacb26dc364b4203a94d85f3fd0cb4314aa9db94cdeaa1fa0760e8461afd1cd22ddd5c12cd14f6fce318d963e
-
Filesize
342B
MD50f77c79dfe931954dc651134282cf5a3
SHA133160b39ce6e60957002837e8227dab801627298
SHA2560c2ee85b3fb14bcdab695cb7d630f52ddeb56557600e8589e39047886964c91c
SHA512d2da09b9df111e049cf2f3b6caad8ee1a250555cbe9c5ff022de2a4d2da674982fe588f4b7300c0213c97c3e97a448590f8cf3bd39ceccf7052e14233e1eb9ba
-
Filesize
342B
MD5d12e2cdaab2df4c85b5a3251292dcf5d
SHA19ae75204776a3b170f647e4bdbf5a0e0032dbc93
SHA256ffd9be90fdd26d981c3dff49ddc1b0eca4ca22c3be5e103e052614abe7143a46
SHA512063adba75f8d495b859bb8152ade425954b9cad0ad3a0710610820a9f3e253fc7b7d074bd7102573395e3d892dc8f0f9b9c1b69d468749b822cb3e4d9ffb1ea1
-
Filesize
342B
MD5e9c3346649f3e5beb75fa08e1f46392c
SHA134362bd60f9a31f5cbee9cd304726176d8ed365d
SHA256479f9d20aa995b97fec2b4223c9bad7a15c22ad355d128f18e2edb5c88e8fbe9
SHA51287f6cadecdb55028268c55a19ca33f4ddb7f619f465b27a354f524bf64b0567a0badcde8589625900d3db18f45ab6d9154e3c0cd6592d19c55691b63caccae64
-
Filesize
342B
MD5e0d6caa25ff9cba8a640d4ad86193414
SHA10e5c73f825936ccd54dfdd8136f9a08031696799
SHA2567701f11e8c9aaac167047dbbb274a5964fa2239b81a42b7847b034f8b42abe7c
SHA5127cf8c8507b81b574999c407ad40decc86082258c53d64dc08238c654dc648cd286ebee94361a93ffb6ce01c30dfe6611405d8d93e5ce19b0062af27d2fb4205a
-
Filesize
342B
MD5f749a5288563d67bed9b155274e5f5d9
SHA1c6352b29d76d716ffb7f32d849222b3ad766cc44
SHA256bcb7a1390202b9ba8759738d56a8e7bb354f3e62d416e173c61c61f1f1b40038
SHA512cb29e307ab9690de87149dbed11ca0fa09a7edc9ca2ccf449e7110af8e5961d66bca8142285f493425fd1efd66809bd77d8a8ee78bcaa6851a02fafcc602729d
-
Filesize
342B
MD51012c60803882069cf4a7e31d34b215b
SHA174b2e18d91352963d1965bb5d5cf708489b85930
SHA256f4d4bed7fa7f551d7a1ddf66c78b0af2cb5eaff9a8ba07f20c4f0009f225ec46
SHA5128a3acd82facccd2546422f86088add0ec1aace345279faed06152abf2746f0a843da4ea941728e44d3ae8dbfcabf183cbdce9fe313cd205c6a0f313bc3d6e524
-
Filesize
342B
MD504016a4fb69b6e6ea6e87171c3d47e01
SHA1de76ebad815582cca1b55c31785efa12ae4ab23d
SHA25654583dada8b156eaa36423ca537f2b1cdafdfec19bf8b9aa13e7cf248acc1dca
SHA512023399dca46b0aa26d0477cc55868e7815b44e85e0a392eef4add4b22a62d23cab4a0c766ee5097b3e2c9e7a2e56f861bc3c1543dba2433ec36d33a0f4fc53d3
-
Filesize
342B
MD5aa2e485275c58dc16b5a8abb4efb1525
SHA1f78932d304a2e744e5b85a2b50f51526338a1f78
SHA256f88e98c60a408a0d3fe70ee8186206801958eff907e4bef1c80b65f4377e285f
SHA512ff09609b02d18ff2fe1c8ef966379d76b981ffa3876722594f076c566c2419de52fdaa16ad89140aa7ce30013496445366886ca847433ab66df536fbf94119c4
-
Filesize
342B
MD5ba905acdc952c5e36e9560a89b1337d6
SHA12c90b9d75fbee5f3e37c1438f016f92d9f01d966
SHA256d8c36fa50facd7c7d4138989fd417dd75528b0ffeca2867cf2c9a7658dfd7672
SHA512529126f071100ab347403bf46544997e0fe26a7c0ea963821fdf2fe89dc95273f2c56b00728e7bc5241cc469c8f85084eb3c5d9b787a36ac90f4b381b6e0663f
-
Filesize
342B
MD559925e0fd044d8dbbe4919f4b6337e2b
SHA1d1715b0c85e71bbc360d4f7c8a38f4279206623c
SHA256c856e77f842f2bf7933c7e125033d66f571ca976db0486e3c9fb13e5a4d11b31
SHA5126a6ebffd22951ccba2f8c25c5edde556dde95d0cbea730000dd444cf9ae35496147fef0072a48192f7fdbdf2d837ec8741677d7c7260bfad467e7450bbaab9e9
-
Filesize
342B
MD5c1b9da8c23453efcaea6ba3b9fc39e64
SHA1af489a5315227dc632216911a46943ee33605b78
SHA256558edb0a7a85b63ca3f966c911e06fd54787efd8ade56f495c449844583b7c05
SHA512116e56275f0cb926362a09a753a9c3a718a5e059b530bec0246d5d2515e8b42385dd5a8e50544ba71aad164b1f4f417dfd56953a53c2b4a1c7242993b789fd15
-
Filesize
342B
MD5b874eefbe152e92721d7987b7db385b8
SHA1c8e31354978ec0c7ccb98152ac0d731a67de5de0
SHA256744a6398b06caac7ca431dd15f0f99c2d0f0e81cda7d7fb20d7fed97fa387647
SHA512a7c80937e7a560420a6b1f0c12aadf54759300071018f6da8502008d8b5b16c210b359e49596faadab7e4fc4c6113e3f1db21e72de02729d299b23e30332f44f
-
Filesize
342B
MD54853144f6672e74df5eea03749a77835
SHA1ccc89244a3aa2d2ad708761e1d6cc85a84b83f65
SHA2561751345fb50554053673b728974affe7e977f2c1621fb87c4b406e05adfb95b4
SHA512ae92542e93a824263140d0dea0ad4d1083f36f03e8fdff17962c2144ac5265904098c9e6eef1700790e887cad2ff8dee6dee91cd9d75f87d8f31062fa002504e
-
Filesize
342B
MD5ebd3be84781539a9ee8ea700c1184649
SHA1f47b6b80d16eba031fcdc5e19bc11a8de64a4902
SHA256c468ac4a39ef1e27f5ecce5c9d06c6d1635a4e72fdc506351c688c8ba8960c6d
SHA512fa9aa5fc88dcb87f3938c889b9bddb73b14e82936d330eecaaff6ce38f52353b3c7b0b8cf6522a54242997b0355a6e1380c17cfd019e67322f36f6c2101d6f47
-
Filesize
342B
MD56d10bb9402519d4ffd3e36b13e4640d1
SHA17708b3311d1f852593f8c8a500320a138633c6ac
SHA25696eb15f225a68992f7028fee02024f6c946e2c0d3256fbe0f94b997eb28a0ac4
SHA5121f1caaef405608b1c550032363dc10467bf0fc0851b0869a2cbe9f693943137eb6f3a32248993b20a87382fc5b8208a60f2398ce8789dc6292d0eca765ee6cc8
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
52KB
MD5154229059395b26059f7ec1671569fde
SHA15fb7c5029dafa567e52495ea8a3aae961df6ddfa
SHA256250e7d0728d5815e0fa242e8a7730959295b3017aa2d809f46f8a06787248044
SHA512680d4ff12188643eb6692c29980ed73c8c3ef1be2998f6704e0b89f5d32ee8306751aa90faa6e0e7630fec4c270beef0ea2bcceb39578bcd737741a3045d0ba8
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
8KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
76KB